HSTS Support for CherryPy using QuickStart?


Greg Jewett

Apr 30, 2025, 5:00:05 PM
to cherrypy-users
I have the following configuration (see below). I cannot figure out how to implement HSTS as discussed in the documentation [here](https://docs.cherrypy.dev/en/latest/advanced.html). If I add `"tools.secureheaders.on": True` to any of my configurations, I get the following actual runtime errors when I go to the site:

```
CherryPy Checker:
The config entry 'tools.secureheaders.on' may be invalid, because the 'secureheaders' tool was not found.
section: [/include]

CherryPy Checker:
The config entry 'tools.secureheaders.on' may be invalid, because the 'secureheaders' tool was not found.
section: [/favicon.ico]
```


Where / How do I add support for HSTS to my CherryPy configuration?
My ISO department is dinging me for "HSTS Missing From HTTPS Server (RFC 6797)".


```
# Imports this excerpt relies on. scriptPath, includePath, AS3Declaration, parse_as3,
# NetworkReport and generate_report are defined elsewhere in the script (not shown).
import mimetypes

import cherrypy
from cherrypy.process.plugins import Daemonizer
from jinja2 import Template  # assumed from the .j2 template and Template(...).render()


class ServeTools():

    # If they request "/" (aka index) then serve up some help and guidance.
    @cherrypy.expose
    def index(self):
        return displayHelp()

    # If they request "/help" then serve up some help and guidance.
    @cherrypy.expose
    def help(self):
        return displayHelp()

    # If they request "/as3tohtml" then serve up the HTML equivalent of the specified AS3 file.
    @cherrypy.expose
    def as3tohtml(self, env, as3_file):
        as3 = AS3Declaration(env+"/"+as3_file)
        if as3.getStatus():
            return parse_as3(as3)

    # If they request "/network_report" then serve up the HTML report of all VLANs, SIPs, and FIPs
    @cherrypy.expose
    def network_report(self, filter='all'):
        net_report = NetworkReport(filter)
        if net_report.getStatus():
            return generate_report(net_report)

def displayHelp():
    with open(scriptPath()+"/help.j2", mode='r') as file_handle:
        reportTemplate = Template(file_handle.read())

    return reportTemplate.render()

# =======================================================================================
# BEGIN Script
# =======================================================================================

if __name__ == '__main__':

    # Define the CherryPy Global Configuration
    # ------------------------------------------------------------------------------------------
    cherrypy.config.update(
        {
            "server.socket_host": "scriptbox.its.utexas.edu",
            "server.socket_port": 8888,
            "server.ssl_module": "builtin",
            "server.ssl_certificate": scriptPath()+"/ssl/scriptbox.pem",
            "server.ssl_private_key": scriptPath()+"/ssl/scriptbox.key",
            "server.ssl_certificate_chain": scriptPath()+"/ssl/server_chain.pem",
            "log.screen": False
        })

    # Define the per directory CherryPy Configuration
    # ------------------------------------------------------------------------------------------
    config = {
        "/include":
            {
                "tools.staticdir.on": True,
                "tools.staticdir.dir": includePath
            },
        "/favicon.ico":
            {
                "tools.staticfile.on": True,
                "tools.staticfile.filename": includePath + 'f5_tools.png'
            }
    }

    # Setup MimeTypes
    # ------------------------------------------------------------------------------------------
    mimetypes.types_map['.ico'] = "image/x-icon"

    # Setup CherryPy to start as a Daemon, running as a service.
    # ------------------------------------------------------------------------------------------
    cherry_daemon = Daemonizer(cherrypy.engine)
    cherry_daemon.subscribe()

    # Startup CherryPy
    # ------------------------------------------------------------------------------------------
    cherrypy.quickstart(ServeTools(), '/', config)
```
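
Added example, not part of the original post and not CherryPy's own code: `secureheaders` is not a built-in tool, so the application has to register it before `tools.secureheaders.on` is a valid config entry, and enabling it under `"/"` covers the handlers as well as `/include` and `/favicon.ico`. The names `hsts_value`, `with_secureheaders`, `register_secureheaders` and the `Root` class are assumptions made for illustration.

```python
def hsts_value(max_age=31536000, include_subdomains=False):
    """Build a Strict-Transport-Security header value (RFC 6797)."""
    if isinstance(max_age, bool) or not isinstance(max_age, int) or max_age < 0:
        raise ValueError("max-age must be a non-negative integer (seconds)")
    value = "max-age=%d" % max_age
    if include_subdomains:
        value += "; includeSubDomains"
    return value


def with_secureheaders(config, **options):
    """Return a copy of a per-path config with the tool enabled at "/".

    Settings under "/" apply to every path below it, including static paths.
    """
    merged = {path: dict(section) for path, section in config.items()}
    root = merged.setdefault("/", {})
    root["tools.secureheaders.on"] = True
    for key, val in options.items():
        root["tools.secureheaders." + key] = val
    return merged


def register_secureheaders():
    """Create cherrypy.tools.secureheaders; call once before quickstart()."""
    import cherrypy  # lazy import: the helpers above work without CherryPy

    @cherrypy.tools.register("before_finalize", priority=60)
    def secureheaders(max_age=31536000, include_subdomains=False):
        # tools.secureheaders.* config entries arrive as keyword arguments.
        cherrypy.response.headers["Strict-Transport-Security"] = hsts_value(
            max_age, include_subdomains)

    return cherrypy.tools.secureheaders


if __name__ == "__main__":
    import cherrypy

    class Root:  # hypothetical stand-in for the poster's ServeTools
        @cherrypy.expose
        def index(self):
            return "ok"

    register_secureheaders()
    cherrypy.quickstart(Root(), "/", with_secureheaders({}, max_age=31536000))
```

Browsers act on the header only when it arrives over HTTPS, so the `server.ssl_*` settings from the post stay in place.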


